Make kolla ansible user and group configurable

In some cases it is useful to use a user other than the default 'kolla'
to perform kolla ansible remote execution. Kolla is adding support for
this in the Rocky release, and we should use it.

It is now possible to configure a different user via the
kolla_ansible_user and kolla_ansible_group variables.

Depends-On: https://review.openstack.org/581330

Change-Id: I280fb8f70eacd31fff0ae5671ddd6608cd02ae6e
Story: 2002914
Task: 22892
Mark Goddard 2018-07-09 15:45:16 +01:00
parent bb28786069
commit 41740f9752
11 changed files with 61 additions and 6 deletions


@ -294,6 +294,16 @@ kolla_openstack_logging_debug: "False"
# Upper constraints file for installation of Kolla.
kolla_upper_constraints_file: "https://raw.githubusercontent.com/openstack/requirements/stable/queens/upper-constraints.txt"
# User account to use for Kolla SSH access.
kolla_ansible_user: kolla
# Primary group of Kolla SSH user.
kolla_ansible_group: kolla
# Whether to use privilege escalation for all operations performed via Kolla
# Ansible.
kolla_ansible_become: true
###############################################################################
# Kolla feature flag configuration.
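Review bot: The comment on `kolla_ansible_become` says it covers all operations performed via Kolla Ansible, but of the inventory templates changed in this commit only the `[overcloud:vars]` one gates `ansible_become=true` on it; the `[seed:vars]` hunk changes `ansible_user` alone. Unless the seed template sets become outside the visible lines, the setting has no effect on seed hosts, and the comment should say so, e.g. `# Whether to use privilege escalation for all overcloud operations performed via Kolla Ansible.` The same wording is repeated in the two later hunks that declare `kolla_ansible_become`, so it would need the same change there.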


@ -39,7 +39,7 @@
path: "{{ kolla_ansible_target_venv }}"
recurse: True
state: directory
owner: kolla
group: kolla
owner: "{{ kolla_ansible_user }}"
group: "{{ kolla_ansible_group }}"
become: True
when: kolla_ansible_target_venv is not none
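Review bot: Ownership of the target virtualenv now follows `kolla_ansible_user`, and the inventory templates in this commit point `ansible_python_interpreter` at that same virtualenv while the overcloud inventory enables `ansible_become` by default, so the chosen account owns the interpreter that escalated modules run under. That was bounded while the owner was the fixed `kolla` service account; now that it is configurable, the variable's documentation should say it must be a dedicated deployment account rather than a shared or interactive login, for example `# This user owns the remote virtualenv used as the Ansible Python interpreter; use a dedicated account.` The task's name and module line are outside the hunk.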


@ -35,6 +35,16 @@ kolla_node_custom_config_path:
# Path to kolla-ansible passwords.yml input file.
kolla_ansible_passwords_path:
# User account to use for Kolla SSH access.
kolla_ansible_user: kolla
# Primary group of Kolla SSH user.
kolla_ansible_group: kolla
# Whether to use privilege escalation for all operations performed via Kolla
# Ansible.
kolla_ansible_become: true
###############################################################################
# Kolla-ansible inventory configuration.


@ -48,6 +48,12 @@ kolla_external_vip_address: "{{ kolla_external_vip_address }}"
# kolla_external_vip_address.
kolla_external_fqdn: "{{ kolla_external_fqdn }}"
# User account to use for Kolla SSH access.
kolla_user: "{{ kolla_ansible_user }}"
# Primary group of Kolla SSH user.
kolla_group: "{{ kolla_ansible_group }}"
################
# Docker options
################


@ -28,8 +28,10 @@
{% endfor %}
[overcloud:vars]
ansible_user=kolla
ansible_user={{ kolla_ansible_user }}
{% if kolla_ansible_become | bool %}
ansible_become=true
{% endif %}
{% if kolla_ansible_target_venv is not none %}
# Execute ansible modules on the remote target hosts using a virtualenv.
ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python


@ -6,7 +6,7 @@
{% endfor %}
[seed:vars]
ansible_user=kolla
ansible_user={{ kolla_ansible_user }}
{% if kolla_ansible_target_venv is not none %}
# Execute ansible modules on the remote target hosts using a virtualenv.
ansible_python_interpreter={{ kolla_ansible_target_venv }}/bin/python


@ -95,6 +95,8 @@
kolla_enable_tls_external: False
kolla_external_fqdn_cert: "fake-cert"
openstack_logging_debug: False
kolla_user: "kolla"
kolla_group: "kolla"
- name: Validate variables are absent from globals.yml
assert:


@ -23,6 +23,8 @@
kolla_node_custom_config_path: "{{ temp_path }}/etc/kolla/config"
kolla_ansible_passwords_path: "{{ temp_path }}/passwords.yml"
# Config.
kolla_ansible_user: "fake-user"
kolla_ansible_group: "fake-group"
kolla_base_distro: "fake-distro"
kolla_install_type: "fake-install-type"
kolla_docker_namespace: "fake-namespace"
@ -165,6 +167,8 @@
globals_yml: "{{ lookup('file', temp_path ~ '/etc/kolla/globals.yml') | from_yaml }}"
expected_variables:
config_strategy: "COPY_ALWAYS"
kolla_user: "fake-user"
kolla_group: "fake-group"
kolla_base_distro: "fake-distro"
kolla_install_type: "fake-install-type"
openstack_release: "fake-release"


@ -55,8 +55,8 @@
src: "{{ swift_ring_build_path }}/{{ item[0] }}.{{ item[1] }}"
dest: "{{ kolla_config_path }}/config/swift/{{ item[0] }}.{{ item[1] }}"
remote_src: True
owner: kolla
group: kolla
owner: "{{ ansible_user_uid }}"
group: "{{ ansible_user_gid }}"
mode: 0644
with_nested:
- "{{ swift_service_names }}"
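Review bot: The new `owner: "{{ ansible_user_uid }}"` and `group: "{{ ansible_user_gid }}"` values are gathered facts, so this task now depends on fact gathering being enabled for the play and on which account the setup step ran as. If facts were collected under privilege escalation they would likely resolve to root's ids, and with `gather_facts` off the task fails on an undefined variable. The play header is outside the hunk, so that cannot be confirmed from here. The virtualenv ownership hunk in this commit uses `kolla_ansible_user`/`kolla_ansible_group` instead, so a short comment such as `# Own the ring files as the user running this play, not the Kolla SSH user.` would make the difference deliberate and keep the two from being "harmonised" later by mistake.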


@ -141,6 +141,19 @@
# Whether debug logging is enabled.
#kolla_openstack_logging_debug:
# Upper constraints file for installation of Kolla.
#kolla_upper_constraints_file:
# User account to use for Kolla SSH access.
#kolla_ansible_user:
# Primary group of Kolla SSH user.
#kolla_ansible_group:
# Whether to use privilege escalation for all operations performed via Kolla
# Ansible.
#kolla_ansible_become:
###############################################################################
# Kolla feature flag configuration.


@ -0,0 +1,8 @@
---
features:
- |
Adds support for configuration of the user used by Kolla Ansible for remote
execution. The user is configured via ``kolla_ansible_user``, its primary
group via ``kolla_ansible_group``, and ``kolla_ansible_become`` determines
whether privilege escalation is used by Kolla Ansible for all tasks or only
required tasks.